Cream Finance DeFi Platform Loses $19M in a Major Security Attack

Cream Finance DeFi platform announced today that it lost $19 million in a major security attack. The hacker drained $18.8 million by exploiting a bug in the AMP token in a set of 17 transactions.


Cream Finance DeFi platform announced today that it lost $19 million in a major security attack.
Cream Finance Logo | Image: Cream Finance

According to Cream Finance, a DeFi protocol focused on lending, they have stopped the exploit by ceasing supply and borrow contracts on the AMP token. Also, the team said, “No other markets were affected.”


In addition, a leading blockchain security company, Peckshield, looked into the matter. The firm highlighted that the hacker used the AMP token by re-borrowing digital assets during the transfer before updating the first to borrow in 17 different transactions.


Peckshield explained as follows:


“The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”


Peckshield also clarified that the funds are still parked in an address (0xCE1F….6EDE), and they are actively monitoring the address for any movement.


For instance, AMP is an Ethereum-based token designed to collateralize payments on Flexa, a digital payments network. Introduced in 2019, the AMP token contract executes an ERC77-based registry smart contract known as ERC1820.


in addition, the attack affected the prices of both AMP token and Cream Finance's native token CREAM. The cryptos price dropped, with AMP plunging almost 13% over the past 24 hours. According to CoinMarketCap, the AMP token is trading at $0.05454, while the CREAM token is trading at $167, down around 5% over the past 24 hours.


As the crypto industry is growing, so are threats. Two weeks ago, Japanese Exchange Liquid Global also suffered a massive hack. According to reports, hackers drained up to $80 million in digital assets from the platform. On Aug. 28, the Bilaxy crypto exchange also suffered a major hot wallet hack leading to 295 ERC-20 tokens being jeopardized.